Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024 Ran by Dee Skelley (06-10-2024 12:43:44) Running from C:\Users\Dee Skelley\Desktop Microsoft Windows 10 Home Version 22H2 19045.4957 (X64) (2021-07-08 18:34:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2958740073-524152327-740456925-500 - Administrator - Disabled) Dee Skelley (S-1-5-21-2958740073-524152327-740456925-1001 - Administrator - Enabled) => C:\Users\Dee Skelley DefaultAccount (S-1-5-21-2958740073-524152327-740456925-503 - Limited - Disabled) dskel (S-1-5-21-2958740073-524152327-740456925-1002 - Administrator - Enabled) Guest (S-1-5-21-2958740073-524152327-740456925-501 - Limited - Enabled) ozzet (S-1-5-21-2958740073-524152327-740456925-1003 - Administrator - Enabled) WDAGUtilityAccount (S-1-5-21-2958740073-524152327-740456925-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.) AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 129.0.6668.90 - Google LLC) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 5.1.11.133 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.11.133 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.79 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.79 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 131.0 (x64 en-US)) (Version: 131.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla) NVIDIA PhysX v8.09.04 (HKLM-x32\...\{A7E07C2B-2220-4415-87E3-784D5814BC93}) (Version: 8.09.04 - NVIDIA Corporation) PowerPoint (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint) Revo Uninstaller 2.5.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.0 - VS Revo Group, Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Chrome apps: ============ YouTube (HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\3a5d7b257cb5d0c14f9769fecc433d33) (Version: 1.0 - Google\Chrome) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-10-05] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-10-05] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Dee Skelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Dee Skelley\Desktop\AdwCleaner.exe:MBAM.Zone.Identifier [182] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2958740073-524152327-740456925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee Skelley\Pictures\Furry_files\6686e0bc71f3a1b5a95e7ba3831e9f20.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. Network Binding: ============= Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2958740073-524152327-740456925-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9E06BE8F7D505564A0EB94364EDC4BA2" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{789901D8-742B-4FBD-A62A-45586D322CAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{F6AD17CB-ED3C-4DAA-8D64-6D02196D0E66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{4F9E5993-9026-457F-AA51-69BFB0DBEB12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CC0463A2-1B1B-434A-9914-CF15B3B401DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{DF8D1765-0910-47BF-8FC6-205438EF846C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> ) FirewallRules: [{061164CE-9DBA-434B-B413-84E77B62A6C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> ) FirewallRules: [{903E6A5C-DB4D-457B-AEC3-54A8437C33C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{952DEC82-E68E-4BE1-8478-39AAB770ABBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{36AD491E-79B6-4015-918A-AC1EFB2BCB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [{1826B53B-0DFD-40A3-AB6A-0C09EAD522CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (EasyAntiCheat Oy -> Epic Games, Inc) FirewallRules: [TCP Query User{A8389675-CDEA-4324-8C03-F6183E60AFA6}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{3820EEAE-810D-405C-9E55-490010259459}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{C168B53A-D8B4-40C0-9B2F-CE78DBDF1441}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed] FirewallRules: [{BCF5374F-910B-4E85-AF31-20E391283B96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed\Game.exe () [File not signed] FirewallRules: [{2677E04E-B105-4646-A511-1665334B5F62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{882AA130-7A26-4048-8CEF-0B916EFBE53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{6BB42385-388B-40AD-9210-A3FA50BADE42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{8A582698-159E-4EF3-A1D7-709F57D7C646}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [{6644D58A-5A42-4908-94B2-771FAE428F43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{50D1A42A-CD3D-4060-B7B4-3AFBC9EA5A2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{22582601-4648-4426-89C4-F97853631912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{C84A7E9C-21C4-4E7B-81ED-BE8846D8EC83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment) FirewallRules: [{DEB6B823-5EDC-42D3-9DB7-9E239EC08888}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{F12850D1-D835-4C06-8EE5-C2924B7109EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{B073138F-F286-4867-8537-C2F69F34A56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed] FirewallRules: [{22A143AA-897A-43B2-8B0F-C3914DCB9743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed] FirewallRules: [{98913933-BDAD-4435-9734-99E9DF2F1A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed] FirewallRules: [{C7711C7B-C29B-4232-9E34-C52D5B0A7FB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Labrat\SCP Labrat.exe () [File not signed] FirewallRules: [{160B13C3-213A-42E2-8AD8-F8DF93175345}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed] FirewallRules: [{4B95A1E4-E6FF-4897-BEFC-A669C8C714C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Containment Breach Multiplayer\game.exe () [File not signed] FirewallRules: [{1A9262DC-1D87-440F-80F0-C33322633BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed] FirewallRules: [{ED4CB6EE-6D04-435A-98B2-FF2270E5580F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clue\Cluedo.exe () [File not signed] FirewallRules: [{26F4EA49-F7ED-4185-A45E-4D5BCCCC68AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland) FirewallRules: [{C54F173E-6842-45C3-B4AA-BB552627FCF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland) FirewallRules: [{46746F23-E5D2-413C-8510-D7B2EC657D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed] FirewallRules: [{5EEF3A91-A526-4E0F-A530-8170E4A139A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SubnauticaZero\SubnauticaZero.exe () [File not signed] FirewallRules: [{B3E0436E-7391-488C-8CED-226FC8F3EDC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed] FirewallRules: [{2FC96979-D6ED-4C5D-8843-7205FD09198F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin2\TEW2.exe (Zenimax Asia K.K.) [File not signed] FirewallRules: [{A3AB422A-0DB8-4572-AFB1-677B89805DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{30BEFD05-3D3E-46DB-81BD-7BDB932686F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCPTheFoundation\SCPTheFoundation.exe (Epic Games, Inc.) [File not signed] FirewallRules: [TCP Query User{FC3A4517-E100-4060-9D5A-DA76CA4B863E}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed] FirewallRules: [UDP Query User{62B6C5C7-34F0-41C5-94BE-FDB13ECE325A}C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\scpthefoundation\scpthefoundation\binaries\win64\scpthefoundation.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{D169D7C4-5CEF-4EC8-94F6-3D99808285D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed] FirewallRules: [{55E06CD5-7E21-441C-858F-DAA6834FDB5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inside The Backrooms\Inside the Backrooms.exe () [File not signed] FirewallRules: [{84FEC5C7-4CDB-47AE-9E24-0316E92CF01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed] FirewallRules: [{78522E69-306B-47E7-A701-1187B77E44D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed] FirewallRules: [{429D6F0F-055A-40F3-9CAC-455C6D7E892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed] FirewallRules: [{8B357991-D239-4CAA-942A-B7A6AD381074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slender - The Arrival\Slender - The Arrival.exe () [File not signed] FirewallRules: [TCP Query User{86D26A35-1D61-47B0-AF40-4F7BD2BE59FE}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{43E4E806-1DCD-4231-BA83-90E88D162360}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [{F5BD1E88-1198-4F13-B010-7E95A2B0CEA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed] FirewallRules: [{CE01C190-8981-4D12-A1D1-FA1F372818CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed] FirewallRules: [{6095B4B2-A276-4982-A67F-48BDEBC5921E}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File FirewallRules: [{B97F7C89-59DA-4459-88AA-51161113B351}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe => No File FirewallRules: [{B1CAB6A0-453D-4B66-9F0D-86F5C9D5BF9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed] FirewallRules: [{431853D6-7A3A-4763-BFFA-64DDE27C7A10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Intruders Hide and Seek\Intruders.exe () [File not signed] FirewallRules: [TCP Query User{AA8D2D43-1508-440B-8994-A83B2ACFE642}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed] FirewallRules: [UDP Query User{74571DC5-E28D-4D95-9FC0-2DE755D949D2}C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\intruders hide and seek\intruders\binaries\win64\intruders-win64-shipping.exe (Tessera Studios SL) [File not signed] FirewallRules: [{46BAF21F-3D33-4FF2-A708-2278076D88B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed] FirewallRules: [{A494709E-ABC1-46BA-9BA4-0667B995D9CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - Little Hope\LittleHope.exe (BANDAI NAMCO Entertainment) [File not signed] FirewallRules: [TCP Query User{6DB66AD7-DA47-45C8-9F95-37C940A3DD07}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed] FirewallRules: [UDP Query User{48903A87-7172-42B6-837E-FF1AD5BE4C6E}C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the dark pictures anthology - little hope\smg024\binaries\win64\littlehope-win64-shipping.exe (BANDAI NAMCO Entertainment) [File not signed] FirewallRules: [TCP Query User{75DC90F3-CCBC-4DA9-A7B3-C053871F6BBF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{CDEF6C89-A83D-4D74-B708-ABDFC362E553}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{C549DE2C-5DD2-4ADA-BB83-4339FFB4AC90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland) FirewallRules: [{F2418A59-1235-4582-B71A-46CEFCFF5F49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland) FirewallRules: [{8C6DCD9E-D932-421B-A983-8749456F56DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.) FirewallRules: [{66851D45-6C9A-48B1-A22B-5807F978CD65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM CO., LTD. -> CAPCOM U.S.A, INC.) FirewallRules: [{C54134E8-2DD9-4F93-A042-8D5B80C91FCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed] FirewallRules: [{3B1E767B-418E-463E-A1D5-4B32748507C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Changed-special\Game.exe () [File not signed] FirewallRules: [{5C5A1D32-077E-42D2-ACA3-B64111B63EB0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8F5A58A8-2F34-4EF6-951D-41B83954B897}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{26C09BB8-88AC-4A8E-B0D2-48170F4E8D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5C2E0EEF-135D-4251-ABE8-829B2276F82B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5D5FEF95-79CA-4628-9A69-A5B09CAE3C2F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.129.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{C961D570-72D6-4902-A06E-4E17E3912039}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{BA475757-8B12-48B8-BCE9-EDC847B4FACA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 28-09-2024 17:53:21 Windows Modules Installer 30-09-2024 16:48:43 Windows Modules Installer 05-10-2024 12:15:19 Removed Avast Update Helper ==================== Faulty Device Manager Devices ============ Name: Microsoft Hyper-V Virtualization Infrastructure Driver Description: Microsoft Hyper-V Virtualization Infrastructure Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: Vid Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual Drive Enumerator Description: Microsoft Virtual Drive Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vdrvroot Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: NDIS Virtual Network Adapter Enumerator Description: NDIS Virtual Network Adapter Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisVirtualBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (10/05/2024 03:03:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A) Error: (10/05/2024 12:15:19 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {765fe6fa-f507-4f4f-977a-d1ae070c7e62} Error: (10/05/2024 11:56:36 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (10/05/2024 11:56:36 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (10/05/2024 11:56:36 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (10/05/2024 11:56:36 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (10/05/2024 11:54:13 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (10/05/2024 11:53:35 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x8007085a, The Workstation service has not been started.. Operation: OnIdentify event Gathering Writer Data Context: Execution Context: ASR Writer Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {c2779e5b-e04d-473f-9cf2-0c16097ced6d} System errors: ============= Error: (10/06/2024 12:32:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The GoogleUpdater Service 130.0.6679.0 (GoogleUpdaterService130.0.6679.0) service terminated with the following service-specific error: %%75045 Error: (10/05/2024 08:33:52 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10) Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/05/2024 08:30:50 PM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10) Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/05/2024 11:56:33 AM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10) Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout. Error: (10/05/2024 11:56:29 AM) (Source: DCOM) (EventID: 10010) (User: ORIGINALWIN10) Description: The server Microsoft.Windows.Search_1.14.17.19041_neutral_neutral_cw5n1h2txyewy!ShellFeedsUI.AppXfbff151h5bmghg166fvn34ccayg70vts.mca did not register with DCOM within the required timeout. Error: (10/05/2024 11:54:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/05/2024 11:54:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). Error: (10/05/2024 11:54:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD Crash Defender Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2024-10-05 16:04:06 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-05 13:51:53 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-05 13:10:54 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-04 20:12:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-10-04 19:54:44 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2024-10-04 19:04:33 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection. Date: 2023-02-23 15:17:31 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection. Date: 2022-05-26 20:37:21 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection. Date: 2022-04-29 19:36:19 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection. Date: 2022-04-29 19:28:39 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection. CodeIntegrity: =============== Date: 2024-10-06 12:35:29 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2024-10-06 12:32:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2024-10-05 12:25:02 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 5103 09/19/2012 Motherboard: ASUSTeK COMPUTER INC. F2A85-M Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics Percentage of memory in use: 27% Total physical RAM: 12078.23 MB Available physical RAM: 8750.97 MB Total Virtual: 13934.23 MB Available Virtual: 10771.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.9 GB) (Free:435.89 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS \\?\Volume{c7297c65-6034-45ca-8036-e15ad3fd9034}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS \\?\Volume{22800b9a-daa3-4194-a793-022140f7d324}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7B309A69) Partition: GPT. ==================== End of Addition.txt =======================